Configuring the System error or event log (syslog)
Syslog is a standard for computer message logging and integrates log data from many different types of systems into a central repository.
Authorization
Root user authority is required on UNIX operating systems.
Description
The syslog program is syslogd, the syslog daemon. The configuration file /etc/syslog.conf controls the output of syslogd. You must configure the log configuration file (/etc/syslog.conf), and each line in the configuration file must consist of the first two parts below:
- A selector, written as a facility.priority pair, that determines which log messages the line applies to.
- A log destination (file path) for the above selector.
- Rotation (optional)
The facility is one of the following:
- kern - kernel messages
- user - random user-level messages (recommended for the db2audit extract command)
- mail - mail system messages
- daemon - system daemons
- auth - security/authorization messages (recommended for the db2audit extract command)
- syslog - messages generated internally by syslogd
- lpr - line printer subsystem
- news - news subsystem
- uucp - uucp subsystem
- cron - clock daemon
- caa - Cluster aware AIX® subsystem
- local0 ~ local7 - reserved for local use (recommended for the db2audit extract command)
- * - all facilities (used only in the configuration file, not in the commands or API)
The priority is one of the following, listed from highest to lowest severity:
- emerg or panic - system is unusable
- alert - action must be taken immediately
- crit - critical conditions
- err or error - error conditions
- warn or warning - warning conditions
- notice - normal but significant condition
- info - informational
- debug - debug-level messages
Log messages have the following format:
date time hostname facility:priority username: message_body
All items before the message_body are metadata, for example:
Oct 10 12:05:23 hotel37 mail:err newton: The user newton just got a mail error.
User messages at info or higher priority go to /var/log/db2/user_messages.log.
Mail messages at crit or higher priority go to the console.
All facilities at debug or higher priority go to /var/log/all_messages.log.
Authorization messages at warning or higher priority are forwarded by the local syslog daemon (syslogd) to the syslog daemon (syslogd) on the host123 machine.
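
The following is an added example, not part of the original documentation: it parses the log line format shown above and reports which of the four rules just described would receive a given message, which is a quick way to confirm that audit or authorization messages at a chosen priority actually reach a destination. The selector strings (user.info, mail.crit, *.debug, auth.warning) are inferred from those descriptions, and the destination strings are labels for this example, not syslog.conf syntax.

```python
import re

# Priorities as listed on this page, highest severity first; aliases share a rank.
PRIORITIES = [("emerg", "panic"), ("alert",), ("crit",), ("err", "error"),
              ("warn", "warning"), ("notice",), ("info",), ("debug",)]
RANK = {name: i for i, names in enumerate(PRIORITIES) for name in names}

# Constructed rules: selectors inferred from the four descriptions above.
# The destination strings are labels for this example, not syslog.conf syntax.
RULES = [
    ("user.info", "/var/log/db2/user_messages.log"),
    ("mail.crit", "console"),
    ("*.debug", "/var/log/all_messages.log"),
    ("auth.warning", "forward to syslogd on host123"),
]

# date time hostname facility:priority username: message_body
LINE_RE = re.compile(
    r"^(?P<date>\w{3}\s+\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<hostname>\S+) "
    r"(?P<facility>[a-z0-9]+):(?P<priority>[a-z]+) (?P<username>[^:\s]+): "
    r"(?P<message_body>.*)$"
)

def parse_line(line):
    """Split one log line into its metadata fields and message body."""
    m = LINE_RE.match(line)
    if m is None or m["priority"] not in RANK:
        raise ValueError(f"not in the documented format: {line!r}")
    return m.groupdict()

def selector_matches(selector, facility, priority):
    """True when the message is at the selector's priority or higher."""
    sel_facility, sel_priority = selector.split(".", 1)
    if sel_facility not in ("*", facility):
        return False
    return RANK[priority] <= RANK[sel_priority]

def destinations(line, rules=RULES):
    """Return every destination whose selector matches the log line."""
    msg = parse_line(line)
    return [dest for sel, dest in rules
            if selector_matches(sel, msg["facility"], msg["priority"])]

if __name__ == "__main__":
    sample = ("Oct 10 12:05:23 hotel37 mail:err newton: "
              "The user newton just got a mail error.")
    print(destinations(sample))
```

The sample message from this page has priority err, which is below crit, so it matches only the catch-all rule and never reaches the console.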